Microsoft Entra Connect is used to sync your Active Directory objects to Microsoft Entra ID. Synchronizing your AD with Entra ID allows you to create a hybrid environment with all its benefits, like Single Sign-On, easy password resets, etc.
Before you start installing Entra Connect, it's good to know that there is also a lighter version, Entra Cloud Sync. Make sure you check out the difference between the two solutions in this article before you continue.
In this article, I will explain how to install and configure Microsoft Entra ID Connect.
Requirements
Before installing Azure AD Connect it's good to take a look at the requirements for the tool. If you have a large tenant, then make sure that you check the required server specifications. Other important requirements are:
- Windows Server 2016 or later
- Windows Server Core isn't supported (Full GUI required)
- .NET Framework 4.7.2 or newer is installed
- TLS 1.2 enabled – use this script to check if it's enabled
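The requirements in the list above can be checked from PowerShell before running the installer. The script below is an added example, not part of the original article and not the script the article links to; it reads the standard Windows, .NET Framework and SCHANNEL registry locations, and a TLS value reported as NotSet means the value is absent and the default behaviour applies.

```powershell
# Added example: pre-flight check for the Entra Connect requirements listed above.
# Run on the server where Entra Connect will be installed.

# OS: Windows Server 2016 is build 14393. InstallationType is 'Server' for the
# full GUI and 'Server Core' for a Core installation.
$cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
# .NET Framework 4.7.2 corresponds to a Release value of 461808 or higher.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue

$basics = [pscustomobject]@{
    Server2016OrLater = [int]$cv.CurrentBuildNumber -ge 14393
    FullGui           = $cv.InstallationType -eq 'Server'
    DotNet472OrLater  = [int]$ndp.Release -ge 461808
}

# TLS 1.2: .NET must use the system default TLS versions with strong crypto,
# and SCHANNEL must not have TLS 1.2 disabled for the client or server role.
$netKeys  = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

$expected = @()
foreach ($key in $netKeys) {
    $expected += @{ Path = $key; Name = 'SystemDefaultTlsVersions'; Want = 1 }
    $expected += @{ Path = $key; Name = 'SchUseStrongCrypto';       Want = 1 }
}
foreach ($role in 'Client', 'Server') {
    $expected += @{ Path = "$schannel\$role"; Name = 'Enabled';           Want = 1 }
    $expected += @{ Path = "$schannel\$role"; Name = 'DisabledByDefault'; Want = 0 }
}

$tls = foreach ($e in $expected) {
    # A missing key or value yields $null rather than an error
    $value = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    [pscustomobject]@{
        Path   = $e.Path
        Name   = $e.Name
        Value  = $value
        Status = $(if ($null -eq $value) { 'NotSet' }
                   elseif ($value -eq $e.Want) { 'OK' }
                   else { 'Mismatch' })
    }
}

$basics | Format-List
$tls    | Format-Table -AutoSize
```

Any row with Status Mismatch shows a setting that explicitly disables or weakens TLS 1.2 and should be corrected before installing.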
When we look at the required system specifications, you will see that a minimum of 70 GB of disk space is required. For small or medium environments, you can easily do with less, but if you are going to sync 1000 or more objects, then it's good to keep this requirement in mind.
You can, in theory, install Entra Connect on the domain controller, but this isn't recommended. Domain controllers require the highest level of security in your network, so we don't want to add any services to them, because this increases the attack surface.
Also, in the case of larger environments, the sync process can affect the performance of the domain controller, so it's better to install the tool on another domain member server.
Make sure that you run the IdFix tool before rolling out Entra ID Connect to resolve any identity errors and duplicates before synchronizing.
Installing Microsoft Entra Connect
We are going to install and configure the Microsoft Entra Connect tool. During the installation, we will need our Entra ID Global Administrator account (account name ends with <your-domain>.onmicrosoft.com) and the Domain admin account.
Time needed: 5 minutes
First make sure that you download the latest version of Microsoft Entra Connect. Funny note, the MSI file is still called AzureADConnect.
- Start the Entra Connect installation
Open the .msi file that we downloaded and accept the terms to continue
- Use Express Settings
You can choose between Express or Customized installation
For 90% of the deployments, the Express installation is fine. It can be used if you have a single AD forest and fewer than 100.000 objects in your AD. It enables Password Hash Synchronization that can be used with single sign-on, synchronizes all users, groups, contacts, and devices (you can change that in the last step), and enables auto-update of Microsoft Entra Connect.
- Enter your Microsoft Entra ID global administrator credentials
Don't use your domain admin account here, but make sure that you use the Entra ID Global Admin account. The one that ends with .onmicrosoft.com
After you click on Next, you will see a Microsoft 365 sign-in dialog to verify your credentials.
- Connect to your AD DS (Local Active Directory)
Next we need to connect to our Active Directory Domain Services. Here we use our domain admin account.
Because we are using the Express settings, Microsoft Entra Connect will create a local service account in your AD. You can recognize the account by the username MSOL_xxx.
- Verify the UPN Suffix
The Active Directory UPN Suffix should match your custom domain in Microsoft Entra ID. If it doesn't match, then users won't be able to use their on-premises credentials to sign in.
I'm using a development environment, so in the screenshot below I just continue with no matching UPN.
- Install and Configure
With everything set, we can install and configure Microsoft Entra Connect Sync. If you want to customize which OUs are synced to Entra, then uncheck Start the synchronization process; this way you can adjust the configuration afterwards.
- Completing the Installation
It can take a few minutes for the installation and configuration to complete. When done, log in to your Microsoft 365 environment to verify the user accounts.
Verifying the Synchronization
The installation tool performs an initial synchronization and sets up an automatic sync schedule. Let's verify this to make sure that everything is synced as expected.
There are a couple of places where we can view the sync status:
- Microsoft 365 Admin Center
- Microsoft Entra ID
- Synchronization Service Manager
Microsoft 365 Admin Center
In the Microsoft 365 Admin Center, you can often see the current sync status on the dashboard. But a better place is to check the Directory sync status, which you can find under Health in the sidebar.

This will give you a quick overview of when the last directory and password sync was executed and some other relevant information.
Microsoft Entra ID
In Microsoft Entra ID you can see a bit more detail when it comes to the sync status and any possible errors:
- Open the Microsoft Entra Admin Center
- Expand Identity > Hybrid Management and choose Microsoft Entra Connect
- Click on Connect Sync

Here you will also see the last sync time, and whether any features like Seamless Single sign-on are enabled. If you click on Microsoft Entra Connect Health, you can also see any sync errors and their exact details.
Synchronization Service Manager
We can also view the synchronization status on the server where we installed the Entra Connect tool. In the start menu you will find the Synchronization Service Manager under Azure AD Connect.

The tool will list the status of all synchronizations, and as you can see, the first one was a full import, which added 349 objects.
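The same status can be read from PowerShell on the sync server, which is useful for monitoring. The script below is an added example, not part of the original article; it assumes the ADSync module that Entra Connect installs on the server and uses its Get-ADSyncScheduler cmdlet.

```powershell
# Added example: summarize the Entra Connect scheduler state on the sync server.
# Assumes the ADSync module installed by Entra Connect is available.
Import-Module ADSync -ErrorAction Stop

$scheduler = Get-ADSyncScheduler
$findings  = @()

if (-not $scheduler.SyncCycleEnabled) {
    $findings += 'Scheduler is disabled: no automatic sync cycles will run.'
}
if ($scheduler.StagingModeEnabled) {
    $findings += 'Staging mode is on: imports run, but nothing is exported to Entra ID.'
}
if ($scheduler.SchedulerSuspended) {
    $findings += 'Scheduler is suspended: Entra Connect sets this temporarily, for example during an upgrade or configuration change.'
}

# A next-cycle time well in the past means scheduled syncs have stopped running
$nextRun = $scheduler.NextSyncCycleStartTimeInUTC
if ($nextRun -and $nextRun -lt (Get-Date).ToUniversalTime().AddHours(-1)) {
    $findings += "Next sync cycle was due at $nextRun UTC and has not started."
}

[pscustomobject]@{
    Interval      = $scheduler.CurrentlyEffectiveSyncCycleInterval
    NextCycleType = $scheduler.NextSyncCyclePolicyType
    NextCycleUtc  = $nextRun
    InProgress    = $scheduler.SyncCycleInProgress
    Findings      = $(if ($findings) { $findings -join ' ' } else { 'None' })
}
```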
Changing the Configuration
We have installed the Microsoft Entra Connect tool using the Express settings. As mentioned, this is fine for most organizations, but what if you need to change a setting? Let's say we don't want to sync the entire Active Directory, but filter out some OUs from the sync.
To do this, we can simply open the Entra Connect Sync tool and change the configuration. Keep in mind though, when you have the configuration tool open, the sync will be paused until you are finished.
- Open Microsoft Entra Connect (still named Azure AD Connect in the start menu…)
- Click on on Configure
- Choose Customize Synchronization options
- You will need to Connect to Microsoft Entra ID, simply click next and login with the Entra ID Global Administrator account

- Click Next to skip the Connect your Directories
- Select Sync selected domains and OUs
- Deselect the OUs that you don't want to sync anymore

- Click Next
- Leave the optional features as is and click Next
- Click Configure to make the changes and (re-)start the synchronization process.
Wrapping Up
Installing Microsoft Entra Connect has become pretty easy with the express settings. Make sure that you use the IdFix tool before you start your synchronization to find any errors.
It's possible to install Entra ID Connect on your domain controller, but only if you have a small tenant and your server has enough performance. Otherwise, it's better to install the tool on a separate domain-joined server.
I hope you found this article useful. If you have any questions, just drop a comment below.